njrat | b1b661fec381628844d2e6ab3f5bf7d8d545b689500f083b3261095c55e37332 | Triage

Sharing

General

Target

b1b661fec381628844d2e6ab3f5bf7d8d545b689500f083b3261095c55e37332
Size

78KB
Sample

220201-e3rr9agfdn
MD5

26c37b7faa7e4be88b62a530a05766b6
SHA1

b93496235b92c66e0ef16d634ca21b9e276471d9
SHA256

b1b661fec381628844d2e6ab3f5bf7d8d545b689500f083b3261095c55e37332
SHA512

98587b1c1f61a0085092560411df3288f8bd594832c9314e38de7d3c9eb8479e94c18c51670566f827973bd6f93454e6ea057eeb3a1fb8c1259b32e62f38f65e

Score

10^/10

njrat system persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

system

C2

turk3i.ddns.net:1008

Mutex

system.exe

Attributes

reg_key
system.exe
splitter
123

Targets

- Target
  
  b1b661fec381628844d2e6ab3f5bf7d8d545b689500f083b3261095c55e37332
- Size
  
  78KB
- MD5
  
  26c37b7faa7e4be88b62a530a05766b6
- SHA1
  
  b93496235b92c66e0ef16d634ca21b9e276471d9
- SHA256
  
  b1b661fec381628844d2e6ab3f5bf7d8d545b689500f083b3261095c55e37332
- SHA512
  
  98587b1c1f61a0085092560411df3288f8bd594832c9314e38de7d3c9eb8479e94c18c51670566f827973bd6f93454e6ea057eeb3a1fb8c1259b32e62f38f65e
Score

10^/10

njrat system persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratsystempersistencetrojan

behavioral2